The following is a set of comments dealing with small changes that need to
be made to the current draft. Comments on actual content such as XML
syntax, etc. will follow as appropriate.
1. All IETF drafts now require a patent statement a the top of the draft.
Such as statement should be added to the document.
2. Example in section 2.0 should be a DSS example as this is the mandatory
example. I assume that at some point this will be come a verifiable example
as well.
3. Section 3.0 -- In the ATTLIST SignatureValue is misspelled.
4. Section 3.0 -- SignatureValue is no longer an empty-tag element.
5. Section 3.0 - Insert reference to Base64.
6. Based on input from mailing list -- please change c14nAlg as an element
to fully spelled out.
7. Section 4.3.1 - I know that we were one of the people who wanted to make
the location optional. What we had in mind was the following statement:
"If the location is omitted, then the content being signed is the first
Object in the immeadiate surrounding Signature."
8. Section 4.3.5 - This is no longer an empty-element tag.
9. Section 5.0 -- there are two DTD definitions for Object here.
10. Section 6.0 -- The DTD appears incorrect. ANY can only occur once and
not with any of the current defined items. Should ANY be inside of the *?
11. Section 7.1 -- Please remove all references to MD5. We should not be
pushing the older potentially bad hash algorithms (after all MD2 is not here
either). SHA1 will cover our needs until the AES hash algorithm comes along
12. Please remove references to AES algorithms. There will be a block
cipher finalist bext year and there is no hash yet. .
13. Section 8.1
- Step 2 - "Calculate the digest over the result of the
transformations."
- Step 3 - formatting on objectreference is incorrect.
- Step 4 - space between SignedInfo/Element
- Step 5 - references step d
- Step f) - should be moved to step 6.
14. Section 8.2
- Step 6 - references steps c and d.
- Remove last sentence of step 6 -- this would go to description of
canonicazation.
15. We assume that the editorial comments will be removed in the process of
creating an IETF I-D.
Jim Schaad and Barbara Fox
Microsoft
-